DBSecurityService


1   package org.apache.turbine.services.security.db;
2   
3   /*
4    * Copyright 2001-2004 The Apache Software Foundation.
5    *
6    * Licensed under the Apache License, Version 2.0 (the "License")
7    * you may not use this file except in compliance with the License.
8    * You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing, software
13   * distributed under the License is distributed on an "AS IS" BASIS,
14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   * See the License for the specific language governing permissions and
16   * limitations under the License.
17   */
18  
19  import java.util.ArrayList  ;
20  import java.util.Hashtable  ;
21  import java.util.Iterator  ;
22  import java.util.List  ;
23  import java.util.Vector  ;
24  
25  import org.apache.commons.lang.StringUtils;
26  import org.apache.commons.logging.Log;
27  import org.apache.commons.logging.LogFactory;
28  import org.apache.torque.om.BaseObject;
29  import org.apache.torque.util.Criteria;
30  import org.apache.turbine.om.security.Group;
31  import org.apache.turbine.om.security.Permission;
32  import org.apache.turbine.om.security.Role;
33  import org.apache.turbine.om.security.User;
34  import org.apache.turbine.om.security.peer.GroupPeer;
35  import org.apache.turbine.om.security.peer.PermissionPeer;
36  import org.apache.turbine.om.security.peer.RolePeer;
37  import org.apache.turbine.om.security.peer.RolePermissionPeer;
38  import org.apache.turbine.om.security.peer.UserGroupRolePeer;
39  import org.apache.turbine.om.security.peer.UserPeer;
40  import org.apache.turbine.services.security.BaseSecurityService;
41  import org.apache.turbine.services.security.TurbineSecurity;
42  import org.apache.turbine.util.security.AccessControlList;
43  import org.apache.turbine.util.security.DataBackendException;
44  import org.apache.turbine.util.security.EntityExistsException;
45  import org.apache.turbine.util.security.GroupSet;
46  import org.apache.turbine.util.security.PermissionSet;
47  import org.apache.turbine.util.security.RoleSet;
48  import org.apache.turbine.util.security.UnknownEntityException;
49  
50  /**
51   * An implementation of SecurityService that uses a database as backend.
52   *
53   * @author <a HREF="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a>
54   * @author <a HREF="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
55   * @author <a HREF="mailto:marco@intermeta.de">Marco Kn&uuml;ttel</a>
56   * @version $Id: DBSecurityService.java,v 1.20.2.2 2004/05/20 03:06:49 seade Exp $
57   */
58  public class DBSecurityService
59          extends BaseSecurityService
60  {
61      /** Logging */
62      private static Log log = LogFactory.getLog(DBSecurityService.class);
63  
64      /**
65       * The key within services's properties for user implementation
66       * classname (user.class)  - Leandro
67       */
68      public static final String   USER_PEER_CLASS_KEY = "userPeer.class";
69  
70      /**
71       * The default implementation of User interface
72       * (org.apache.turbine.om.security.DBUser)
73       */
74      public static final String   USER_PEER_CLASS_DEFAULT =
75              "org.apache.turbine.om.security.peer.TurbineUserPeer";
76  
77      /*-----------------------------------------------------------------------
78        Creation of AccessControlLists
79        -----------------------------------------------------------------------*/
80  
81      /**
82       * Constructs an AccessControlList for a specific user.
83       *
84       * This method creates a snapshot of the state of security information
85       * concerning this user, at the moment of invocation and stores it
86       * into an AccessControlList object.
87       *
88       * @param user the user for whom the AccessControlList are to be retrieved
89       * @return A new AccessControlList object.
90       * @throws DataBackendException if there was an error accessing the data
91       *         backend.
92       * @throws UnknownEntityException if user account is not present.
93       */
94      public AccessControlList getACL(User user)
95              throws DataBackendException, UnknownEntityException
96      {
97          if (!TurbineSecurity.accountExists(user))
98          {
99              throw new UnknownEntityException("The account '"
100                     + user.getName() + "' does not exist");
101         }
102         try
103         {
104             Hashtable   roles = new Hashtable  ();
105             Hashtable   permissions = new Hashtable  ();
106             // notify the state modifiers (writers) that we want to create
107             // the snapshot.
108             lockShared();
109 
110             // construct the snapshot:
111 
112             // foreach group in the system
113             for (Iterator   groupsIterator = getAllGroups().iterator();
114                  groupsIterator.hasNext();)
115             {
116                 Group group = (Group) groupsIterator.next();
117                 // get roles of user in the group
118                 RoleSet groupRoles = RolePeer.retrieveSet(user, group);
119                 // put the Set into roles(group)
120                 roles.put(group, groupRoles);
121                 // collect all permissions in this group
122                 PermissionSet groupPermissions = new PermissionSet();
123                 // foreach role in Set
124                 for (Iterator   rolesIterator = groupRoles.iterator();
125                      rolesIterator.hasNext();)
126                 {
127                     Role role = (Role) rolesIterator.next();
128                     // get permissions of the role
129                     PermissionSet rolePermissions
130                             = PermissionPeer.retrieveSet(role);
131                     groupPermissions.add(rolePermissions);
132                 }
133                 // put the Set into permissions(group)
134                 permissions.put(group, groupPermissions);
135             }
136             return getAclInstance(roles, permissions);
137         }
138         catch (Exception   e)
139         {
140             throw new DataBackendException("Failed to build ACL for user '"
141                     + user.getName() + "'", e);
142         }
143         finally
144         {
145             // notify the state modifiers that we are done creating the snapshot
146             unlockShared();
147         }
148     }
149 
150     /*-----------------------------------------------------------------------
151       Security management
152       -----------------------------------------------------------------------*/
153 
154     /**
155      * Grant an User a Role in a Group.
156      *
157      * @param user the user.
158      * @param group the group.
159      * @param role the role.
160      * @throws DataBackendException if there was an error accessing the data
161      *         backend.
162      * @throws UnknownEntityException if user account, group or role is not
163      *         present.
164      */
165     public synchronized void grant(User user, Group group, Role role)
166             throws DataBackendException, UnknownEntityException
167     {
168         boolean userExists = false;
169         boolean groupExists = false;
170         boolean roleExists = false;
171         try
172         {
173             lockExclusive();
174             userExists = TurbineSecurity.accountExists(user);
175             groupExists = checkExists(group);
176             roleExists = checkExists(role);
177             if (userExists && groupExists && roleExists)
178             {
179                 Criteria criteria = new Criteria();
180                 criteria.add(UserGroupRolePeer.USER_ID,
181                         ((BaseObject) user).getPrimaryKey());
182                 criteria.add(UserGroupRolePeer.GROUP_ID,
183                         ((BaseObject) group).getPrimaryKey());
184                 criteria.add(UserGroupRolePeer.ROLE_ID,
185                         ((BaseObject) role).getPrimaryKey());
186                 UserGroupRolePeer.doInsert(criteria);
187                 return;
188             }
189         }
190         catch (Exception   e)
191         {
192             throw new DataBackendException("grant(User,Group,Role) failed", e);
193         }
194         finally
195         {
196             unlockExclusive();
197         }
198         if (!userExists)
199         {
200             throw new UnknownEntityException("Unknown user '"
201                     + user.getName() + "'");
202         }
203         if (!groupExists)
204         {
205             throw new UnknownEntityException("Unknown group '"
206                     + group.getName() + "'");
207         }
208         if (!roleExists)
209         {
210             throw new UnknownEntityException("Unknown role '"
211                     + role.getName() + "'");
212         }
213     }
214 
215     /**
216      * Revoke a Role in a Group from an User.
217      *
218      * @param user the user.
219      * @param group the group.
220      * @param role the role.
221      * @throws DataBackendException if there was an error accessing the data
222      *         backend.
223      * @throws UnknownEntityException if user account, group or role is not
224      *         present.
225      */
226     public synchronized void revoke(User user, Group group, Role role)
227             throws DataBackendException, UnknownEntityException
228     {
229         boolean userExists = false;
230         boolean groupExists = false;
231         boolean roleExists = false;
232         try
233         {
234             lockExclusive();
235             userExists = TurbineSecurity.accountExists(user);
236             groupExists = checkExists(group);
237             roleExists = checkExists(role);
238             if (userExists && groupExists && roleExists)
239             {
240                 Criteria criteria = new Criteria();
241                 criteria.add(UserGroupRolePeer.USER_ID,
242                         ((BaseObject) user).getPrimaryKey());
243                 criteria.add(UserGroupRolePeer.GROUP_ID,
244                         ((BaseObject) group).getPrimaryKey());
245                 criteria.add(UserGroupRolePeer.ROLE_ID,
246                         ((BaseObject) role).getPrimaryKey());
247                 UserGroupRolePeer.doDelete(criteria);
248                 return;
249             }
250         }
251         catch (Exception   e)
252         {
253             throw new DataBackendException("revoke(User,Role,Group) failed", e);
254         }
255         finally
256         {
257             unlockExclusive();
258         }
259         if (!userExists)
260         {
261             throw new UnknownEntityException("Unknown user '"
262                     + user.getName() + "'");
263         }
264         if (!groupExists)
265         {
266             throw new UnknownEntityException("Unknown group '"
267                     + group.getName() + "'");
268         }
269         if (!roleExists)
270         {
271             throw new UnknownEntityException("Unknown role '"
272                     + role.getName() + "'");
273         }
274     }
275 
276     /**
277      * Revokes all roles from an User.
278      *
279      * This method is used when deleting an account.
280      *
281      * @param user the User.
282      * @throws DataBackendException if there was an error accessing the data
283      *         backend.
284      * @throws UnknownEntityException if the account is not present.
285      */
286     public synchronized void revokeAll(User user)
287             throws DataBackendException, UnknownEntityException
288     {
289         boolean userExists = false;
290         try
291         {
292             lockExclusive();
293             userExists = TurbineSecurity.accountExists(user);
294             if (userExists)
295             {
296                 Criteria criteria = new Criteria();
297                 criteria.add(UserGroupRolePeer.USER_ID,
298                         ((BaseObject) user).getPrimaryKey());
299                 UserGroupRolePeer.doDelete(criteria);
300                 return;
301             }
302         }
303         catch (Exception   e)
304         {
305             throw new DataBackendException("revokeAll(User) failed", e);
306         }
307         finally
308         {
309             unlockExclusive();
310         }
311         throw new UnknownEntityException("Unknown user '"
312                 + user.getName() + "'");
313     }
314 
315     /**
316      * Grants a Role a Permission
317      *
318      * @param role the Role.
319      * @param permission the Permission.
320      * @throws DataBackendException if there was an error accessing the data
321      *         backend.
322      * @throws UnknownEntityException if role or permission is not present.
323      */
324     public synchronized void grant(Role role, Permission permission)
325             throws DataBackendException, UnknownEntityException
326     {
327         boolean roleExists = false;
328         boolean permissionExists = false;
329         try
330         {
331             lockExclusive();
332             roleExists = checkExists(role);
333             permissionExists = checkExists(permission);
334             if (roleExists && permissionExists)
335             {
336                 Criteria criteria = new Criteria();
337                 criteria.add(RolePermissionPeer.ROLE_ID,
338                         ((BaseObject) role).getPrimaryKey());
339                 criteria.add(RolePermissionPeer.PERMISSION_ID,
340                         ((BaseObject) permission).getPrimaryKey());
341                 UserGroupRolePeer.doInsert(criteria);
342                 return;
343             }
344         }
345         catch (Exception   e)
346         {
347             throw new DataBackendException("grant(Role,Permission) failed", e);
348         }
349         finally
350         {
351             unlockExclusive();
352         }
353         if (!roleExists)
354         {
355             throw new UnknownEntityException("Unknown role '"
356                     + role.getName() + "'");
357         }
358         if (!permissionExists)
359         {
360             throw new UnknownEntityException("Unknown permission '"
361                     + permission.getName() + "'");
362         }
363     }
364 
365     /**
366      * Revokes a Permission from a Role.
367      *
368      * @param role the Role.
369      * @param permission the Permission.
370      * @throws DataBackendException if there was an error accessing the data
371      *         backend.
372      * @throws UnknownEntityException if role or permission is not present.
373      */
374     public synchronized void revoke(Role role, Permission permission)
375             throws DataBackendException, UnknownEntityException
376     {
377         boolean roleExists = false;
378         boolean permissionExists = false;
379         try
380         {
381             lockExclusive();
382             roleExists = checkExists(role);
383             permissionExists = checkExists(permission);
384             if (roleExists && permissionExists)
385             {
386                 Criteria criteria = new Criteria();
387                 criteria.add(RolePermissionPeer.ROLE_ID,
388                         ((BaseObject) role).getPrimaryKey());
389                 criteria.add(RolePermissionPeer.PERMISSION_ID,
390                         ((BaseObject) permission).getPrimaryKey());
391                 RolePermissionPeer.doDelete(criteria);
392                 return;
393             }
394         }
395         catch (Exception   e)
396         {
397             throw new DataBackendException("revoke(Role,Permission) failed", e);
398         }
399         finally
400         {
401             unlockExclusive();
402         }
403         if (!roleExists)
404         {
405             throw new UnknownEntityException("Unknown role '"
406                     + role.getName() + "'");
407         }
408         if (!permissionExists)
409         {
410             throw new UnknownEntityException("Unknown permission '"
411                     + permission.getName() + "'");
412         }
413     }
414 
415     /**
416      * Revokes all permissions from a Role.
417      *
418      * This method is user when deleting a Role.
419      *
420      * @param role the Role
421      * @throws DataBackendException if there was an error accessing the data
422      *         backend.
423      * @throws UnknownEntityException if the Role is not present.
424      */
425     public synchronized void revokeAll(Role role)
426             throws DataBackendException, UnknownEntityException
427     {
428         boolean roleExists = false;
429         try
430         {
431             lockExclusive();
432             roleExists = checkExists(role);
433             if (roleExists)
434             {
435                 Criteria criteria = new Criteria();
436                 criteria.add(RolePermissionPeer.ROLE_ID,
437                         ((BaseObject) role).getPrimaryKey());
438                 RolePermissionPeer.doDelete(criteria);
439 
440                 return;
441             }
442         }
443         catch (Exception   e)
444         {
445             throw new DataBackendException("revokeAll(Role) failed", e);
446         }
447         finally
448         {
449             unlockExclusive();
450         }
451         throw new UnknownEntityException("Unknown role '"
452                 + role.getName() + "'");
453     }
454 
455     /*-----------------------------------------------------------------------
456       Group/Role/Permission management
457       -----------------------------------------------------------------------*/
458 
459     /**
460      * Retrieve a set of Groups that meet the specified Criteria.
461      *
462      * @param criteria A Criteria of Group selection.
463      * @return a set of Groups that meet the specified Criteria.
464      * @throws DataBackendException if there was an error accessing the data
465      *         backend.
466      */
467     public GroupSet getGroups(Criteria criteria)
468             throws DataBackendException
469     {
470         Criteria dbCriteria = new Criteria();
471         Iterator   keys = criteria.keySet().iterator();
472         while (keys.hasNext())
473         {
474             String   key = (String  ) keys.next();
475             dbCriteria.put(GroupPeer.getColumnName(key), criteria.get(key));
476         }
477         List   groups = new ArrayList  (0);
478         try
479         {
480             groups = GroupPeer.doSelect(criteria);
481         }
482         catch (Exception   e)
483         {
484             throw new DataBackendException("getGroups(Criteria) failed", e);
485         }
486         return new GroupSet(groups);
487     }
488 
489     /**
490      * Retrieve a set of Roles that meet the specified Criteria.
491      *
492      * @param criteria A Criteria of Roles selection.
493      * @return a set of Roles that meet the specified Criteria.
494      * @throws DataBackendException if there was an error accessing the data
495      *         backend.
496      */
497     public RoleSet getRoles(Criteria criteria)
498             throws DataBackendException
499     {
500         Criteria dbCriteria = new Criteria();
501         Iterator   keys = criteria.keySet().iterator();
502         while (keys.hasNext())
503         {
504             String   key = (String  ) keys.next();
505             dbCriteria.put(RolePeer.getColumnName(key), criteria.get(key));
506         }
507         List   roles = new ArrayList  (0);
508         try
509         {
510             roles = RolePeer.doSelect(criteria);
511         }
512         catch (Exception   e)
513         {
514             throw new DataBackendException("getRoles(Criteria) failed", e);
515         }
516         return new RoleSet(roles);
517     }
518 
519     /**
520      * Retrieve a set of Permissions that meet the specified Criteria.
521      *
522      * @param criteria A Criteria of Permissions selection.
523      * @return a set of Permissions that meet the specified Criteria.
524      * @throws DataBackendException if there was an error accessing the data
525      *         backend.
526      */
527     public PermissionSet getPermissions(Criteria criteria)
528             throws DataBackendException
529     {
530         Criteria dbCriteria = new Criteria();
531         Iterator   keys = criteria.keySet().iterator();
532         while (keys.hasNext())
533         {
534             String   key = (String  ) keys.next();
535             dbCriteria.put(PermissionPeer.getColumnName(key),
536                     criteria.get(key));
537         }
538         List   permissions = new Vector  (0);
539         try
540         {
541             permissions = PermissionPeer.doSelect(criteria);
542         }
543         catch (Exception   e)
544         {
545             throw new DataBackendException(
546                     "getPermissions(Criteria) failed", e);
547         }
548         return new PermissionSet(permissions);
549     }
550 
551     /**
552      * Retrieves all permissions associated with a role.
553      *
554      * @param role the role name, for which the permissions are to be retrieved.
555      * @return A Permission set for the Role.
556      * @throws DataBackendException if there was an error accessing the data
557      *         backend.
558      * @throws UnknownEntityException if the role is not present.
559      */
560     public PermissionSet getPermissions(Role role)
561             throws DataBackendException, UnknownEntityException
562     {
563         boolean roleExists = false;
564         try
565         {
566             lockShared();
567             roleExists = checkExists(role);
568             if (roleExists)
569             {
570                 return PermissionPeer.retrieveSet(role);
571             }
572         }
573         catch (Exception   e)
574         {
575             throw new DataBackendException("getPermissions(Role) failed", e);
576         }
577         finally
578         {
579             unlockShared();
580         }
581         throw new UnknownEntityException("Unknown role '"
582                 + role.getName() + "'");
583     }
584 
585     /**
586      * Stores Group's attributes. The Groups is required to exist in the system.
587      *
588      * @param group The Group to be stored.
589      * @throws DataBackendException if there was an error accessing the data
590      *         backend.
591      * @throws UnknownEntityException if the group does not exist.
592      */
593     public void saveGroup(Group group)
594             throws DataBackendException, UnknownEntityException
595     {
596         boolean groupExists = false;
597         try
598         {
599             groupExists = checkExists(group);
600             if (groupExists)
601             {
602                 Criteria criteria = GroupPeer.buildCriteria(group);
603                 GroupPeer.doUpdate(criteria);
604                 return;
605             }
606         }
607         catch (Exception   e)
608         {
609             throw new DataBackendException("saveGroup(Group) failed", e);
610         }
611         throw new UnknownEntityException("Unknown group '" + group + "'");
612     }
613 
614     /**
615      * Stores Role's attributes. The Roles is required to exist in the system.
616      *
617      * @param role The Role to be stored.
618      * @throws DataBackendException if there was an error accessing the data
619      *         backend.
620      * @throws UnknownEntityException if the role does not exist.
621      */
622     public void saveRole(Role role)
623             throws DataBackendException, UnknownEntityException
624     {
625         boolean roleExists = false;
626         try
627         {
628             roleExists = checkExists(role);
629             if (roleExists)
630             {
631                 Criteria criteria = RolePeer.buildCriteria(role);
632                 RolePeer.doUpdate(criteria);
633                 return;
634             }
635         }
636         catch (Exception   e)
637         {
638             throw new DataBackendException("saveRole(Role) failed", e);
639         }
640         throw new UnknownEntityException("Unknown role '" + role + "'");
641     }
642 
643     /**
644      * Stores Permission's attributes. The Permissions is required to exist in
645      * the system.
646      *
647      * @param permission The Permission to be stored.
648      * @throws DataBackendException if there was an error accessing the data
649      *         backend.
650      * @throws UnknownEntityException if the permission does not exist.
651      */
652     public void savePermission(Permission permission)
653             throws DataBackendException, UnknownEntityException
654     {
655         boolean permissionExists = false;
656         try
657         {
658             permissionExists = checkExists(permission);
659             if (permissionExists)
660             {
661                 Criteria criteria = PermissionPeer.buildCriteria(permission);
662                 PermissionPeer.doUpdate(criteria);
663                 return;
664             }
665         }
666         catch (Exception   e)
667         {
668             throw new DataBackendException(
669                     "savePermission(Permission) failed", e);
670         }
671         throw new UnknownEntityException("Unknown permission '"
672                 + permission + "'");
673     }
674 
675     /**
676      * Creates a new group with specified attributes.
677      *
678      * @param group the object describing the group to be created.
679      * @return a new Group object that has id set up properly.
680      * @throws DataBackendException if there was an error accessing the data
681      *         backend.
682      * @throws EntityExistsException if the group already exists.
683      */
684     public synchronized Group addGroup(Group group)
685             throws DataBackendException,
686             EntityExistsException
687     {
688         boolean groupExists = false;
689 
690         if (StringUtils.isEmpty(group.getName()))
691         {
692             throw new DataBackendException("Could not create "
693                     + "a group with empty name!");
694         }
695 
696         try
697         {
698             lockExclusive();
699             groupExists = checkExists(group);
700             if (!groupExists)
701             {
702                 // add a row to the table
703                 Criteria criteria = GroupPeer.buildCriteria(group);
704                 GroupPeer.doInsert(criteria);
705                 // try to get the object back using the name as key.
706                 criteria = new Criteria();
707                 criteria.add(GroupPeer.NAME,
708                         group.getName());
709                 List   results = GroupPeer.doSelect(criteria);
710                 if (results.size() != 1)
711                 {
712                     throw new DataBackendException(
713                             "Internal error - query returned "
714                             + results.size() + " rows");
715                 }
716                 Group newGroup = (Group) results.get(0);
717                 // add the group to system-wide cache
718                 getAllGroups().add(newGroup);
719                 // return the object with correct id
720                 return newGroup;
721             }
722         }
723         catch (Exception   e)
724         {
725             throw new DataBackendException("addGroup(Group) failed", e);
726         }
727         finally
728         {
729             unlockExclusive();
730         }
731         // the only way we could get here without return/throw tirggered
732         // is that the groupExists was true.
733         throw new EntityExistsException("Group '" + group + "' already exists");
734     }
735 
736     /**
737      * Creates a new role with specified attributes.
738      *
739      * @param role the object describing the role to be created.
740      * @return a new Role object that has id set up properly.
741      * @throws DataBackendException if there was an error accessing the data
742      *         backend.
743      * @throws EntityExistsException if the role already exists.
744      */
745     public synchronized Role addRole(Role role)
746             throws DataBackendException, EntityExistsException
747     {
748         boolean roleExists = false;
749 
750         if (StringUtils.isEmpty(role.getName()))
751         {
752             throw new DataBackendException("Could not create "
753                     + "a role with empty name!");
754         }
755 
756         try
757         {
758             lockExclusive();
759             roleExists = checkExists(role);
760             if (!roleExists)
761             {
762                 // add a row to the table
763                 Criteria criteria = RolePeer.buildCriteria(role);
764                 RolePeer.doInsert(criteria);
765                 // try to get the object back using the name as key.
766                 criteria = new Criteria();
767                 criteria.add(RolePeer.NAME, role.getName());
768                 List   results = RolePeer.doSelect(criteria);
769                 if (results.size() != 1)
770                 {
771                     throw new DataBackendException(
772                             "Internal error - query returned "
773                             + results.size() + " rows");
774                 }
775                 Role newRole = (Role) results.get(0);
776                 // add the role to system-wide cache
777                 getAllRoles().add(newRole);
778                 // return the object with correct id
779                 return newRole;
780             }
781         }
782         catch (Exception   e)
783         {
784             throw new DataBackendException("addRole(Role) failed", e);
785         }
786         finally
787         {
788             unlockExclusive();
789         }
790         // the only way we could get here without return/throw tirggered
791         // is that the roleExists was true.
792         throw new EntityExistsException("Role '" + role + "' already exists");
793     }
794 
795     /**
796      * Creates a new permission with specified attributes.
797      *
798      * @param permission the object describing the permission to be created.
799      * @return a new Permission object that has id set up properly.
800      * @throws DataBackendException if there was an error accessing the data
801      *         backend.
802      * @throws EntityExistsException if the permission already exists.
803      */
804     public synchronized Permission addPermission(Permission permission)
805             throws DataBackendException, EntityExistsException
806     {
807         boolean permissionExists = false;
808 
809         if (StringUtils.isEmpty(permission.getName()))
810         {
811             throw new DataBackendException("Could not create "
812                     + "a permission with empty name!");
813         }
814 
815         try
816         {
817             lockExclusive();
818             permissionExists = checkExists(permission);
819             if (!permissionExists)
820             {
821                 // add a row to the table
822                 Criteria criteria = PermissionPeer.buildCriteria(permission);
823                 PermissionPeer.doInsert(criteria);
824                 // try to get the object back using the name as key.
825                 criteria = new Criteria();
826                 criteria.add(PermissionPeer.NAME,
827                         permission.getName());
828                 List   results = PermissionPeer.doSelect(criteria);
829                 if (results.size() != 1)
830                 {
831                     throw new DataBackendException(
832                             "Internal error - query returned "
833                             + results.size() + " rows");
834                 }
835                 Permission newPermission = (Permission) results.get(0);
836                 // add the permission to system-wide cache
837                 getAllPermissions().add(newPermission);
838                 // return the object with correct id
839                 return newPermission;
840             }
841         }
842         catch (Exception   e)
843         {
844             throw new DataBackendException(
845                     "addPermission(Permission) failed", e);
846         }
847         finally
848         {
849             unlockExclusive();
850         }
851         // the only way we could get here without return/throw tirggered
852         // is that the permissionExists was true.
853         throw new EntityExistsException("Permission '" + permission
854                 + "' already exists");
855     }
856 
857     /**
858      * Removes a Group from the system.
859      *
860      * @param group The object describing the group to be removed.
861      * @throws DataBackendException if there was an error accessing the data
862      *         backend.
863      * @throws UnknownEntityException if the group does not exist.
864      */
865     public synchronized void removeGroup(Group group)
866             throws DataBackendException, UnknownEntityException
867     {
868         boolean groupExists = false;
869         try
870         {
871             lockExclusive();
872             groupExists = checkExists(group);
873             if (groupExists)
874             {
875                 Criteria criteria = GroupPeer.buildCriteria(group);
876                 GroupPeer.doDelete(criteria);
877                 getAllGroups().remove(group);
878                 return;
879             }
880         }
881         catch (Exception   e)
882         {
883             log.error("Failed to delete a Group");
884             log.error(e);
885             throw new DataBackendException("removeGroup(Group) failed", e);
886         }
887         finally
888         {
889             unlockExclusive();
890         }
891         throw new UnknownEntityException("Unknown group '" + group + "'");
892     }
893 
894     /**
895      * Removes a Role from the system.
896      *
897      * @param role The object describing the role to be removed.
898      * @throws DataBackendException if there was an error accessing the data
899      *         backend.
900      * @throws UnknownEntityException if the role does not exist.
901      */
902     public synchronized void removeRole(Role role)
903             throws DataBackendException, UnknownEntityException
904     {
905         boolean roleExists = false;
906         try
907         {
908             lockExclusive();
909             roleExists = checkExists(role);
910             if (roleExists)
911             {
912                 // revoke all permissions from the role to be deleted
913                 revokeAll(role);
914                 Criteria criteria = RolePeer.buildCriteria(role);
915                 RolePeer.doDelete(criteria);
916                 getAllRoles().remove(role);
917                 return;
918             }
919         }
920         catch (Exception   e)
921         {
922             throw new DataBackendException("removeRole(Role)", e);
923         }
924         finally
925         {
926             unlockExclusive();
927         }
928         throw new UnknownEntityException("Unknown role '" + role + "'");
929     }
930 
931     /**
932      * Removes a Permission from the system.
933      *
934      * @param permission The object describing the permission to be removed.
935      * @throws DataBackendException if there was an error accessing the data
936      *         backend.
937      * @throws UnknownEntityException if the permission does not exist.
938      */
939     public synchronized void removePermission(Permission permission)
940             throws DataBackendException, UnknownEntityException
941     {
942         boolean permissionExists = false;
943         try
944         {
945             lockExclusive();
946             permissionExists = checkExists(permission);
947             if (permissionExists)
948             {
949                 Criteria criteria = PermissionPeer.buildCriteria(permission);
950                 PermissionPeer.doDelete(criteria);
951                 getAllPermissions().remove(permission);
952                 return;
953             }
954         }
955         catch (Exception   e)
956         {
957             throw new DataBackendException("removePermission(Permission)", e);
958         }
959         finally
960         {
961             unlockExclusive();
962         }
963         throw new UnknownEntityException("Unknown permission '"
964                 + permission + "'");
965     }
966 
967     /**
968      * Renames an existing Group.
969      *
970      * @param group The object describing the group to be renamed.
971      * @param name the new name for the group.
972      * @throws DataBackendException if there was an error accessing the data
973      *         backend.
974      * @throws UnknownEntityException if the group does not exist.
975      */
976     public synchronized void renameGroup(Group group, String   name)
977             throws DataBackendException, UnknownEntityException
978     {
979         boolean groupExists = false;
980         try
981         {
982             lockExclusive();
983             groupExists = checkExists(group);
984             if (groupExists)
985             {
986                 group.setName(name);
987                 Criteria criteria = GroupPeer.buildCriteria(group);
988                 GroupPeer.doUpdate(criteria);
989                 return;
990             }
991         }
992         catch (Exception   e)
993         {
994             throw new DataBackendException("renameGroup(Group,String)", e);
995         }
996         finally
997         {
998             unlockExclusive();
999         }
1000        throw new UnknownEntityException("Unknown group '" + group + "'");
1001    }
1002
1003    /**
1004     * Renames an existing Role.
1005     *
1006     * @param role The object describing the role to be renamed.
1007     * @param name the new name for the role.
1008     * @throws DataBackendException if there was an error accessing the data
1009     *         backend.
1010     * @throws UnknownEntityException if the role does not exist.
1011     */
1012    public synchronized void renameRole(Role role, String   name)
1013            throws DataBackendException, UnknownEntityException
1014    {
1015        boolean roleExists = false;
1016        try
1017        {
1018            lockExclusive();
1019            roleExists = checkExists(role);
1020            if (roleExists)
1021            {
1022                role.setName(name);
1023                Criteria criteria = RolePeer.buildCriteria(role);
1024                RolePeer.doUpdate(criteria);
1025                return;
1026            }
1027        }
1028        catch (Exception   e)
1029        {
1030            throw new DataBackendException("renameRole(Role,String)", e);
1031        }
1032        finally
1033        {
1034            unlockExclusive();
1035        }
1036        throw new UnknownEntityException("Unknown role '" + role + "'");
1037    }
1038
1039    /**
1040     * Renames an existing Permission.
1041     *
1042     * @param permission The object describing the permission to be renamed.
1043     * @param name the new name for the permission.
1044     * @throws DataBackendException if there was an error accessing the data
1045     *         backend.
1046     * @throws UnknownEntityException if the permission does not exist.
1047     */
1048    public synchronized void renamePermission(Permission permission,
1049                                              String   name)
1050            throws DataBackendException, UnknownEntityException
1051    {
1052        boolean permissionExists = false;
1053        try
1054        {
1055            lockExclusive();
1056            permissionExists = checkExists(permission);
1057            if (permissionExists)
1058            {
1059                permission.setName(name);
1060                Criteria criteria = PermissionPeer.buildCriteria(permission);
1061                PermissionPeer.doUpdate(criteria);
1062                return;
1063            }
1064        }
1065        catch (Exception   e)
1066        {
1067            throw new DataBackendException(
1068                    "renamePermission(Permission,name)", e);
1069        }
1070        finally
1071        {
1072            unlockExclusive();
1073        }
1074        throw new UnknownEntityException("Unknown permission '"
1075                + permission + "'");
1076    }
1077
1078    /* Service specific implementation methods */
1079
1080    /**
1081     * Returns the Class object for the implementation of UserPeer interface
1082     * used by the system (defined in TR.properties)
1083     *
1084     * @return the implementation of UserPeer interface used by the system.
1085     * @throws UnknownEntityException if the system's implementation of UserPeer
1086     *         interface could not be determined.
1087     */
1088    public Class   getUserPeerClass() throws UnknownEntityException
1089    {
1090        String   userPeerClassName = getConfiguration().getString(
1091                USER_PEER_CLASS_KEY, USER_PEER_CLASS_DEFAULT);
1092        try
1093        {
1094            return Class.forName(userPeerClassName);
1095        }
1096        catch (Exception   e)
1097        {
1098            throw new UnknownEntityException(
1099                    "Failed create a Class object for UserPeer implementation", e);
1100        }
1101    }
1102
1103    /**
1104     * Construct a UserPeer object.
1105     *
1106     * This method calls getUserPeerClass, and then creates a new object using
1107     * the default constructor.
1108     *
1109     * @return an object implementing UserPeer interface.
1110     * @throws UnknownEntityException if the object could not be instantiated.
1111     */
1112    public UserPeer getUserPeerInstance() throws UnknownEntityException
1113    {
1114        UserPeer up;
1115        try
1116        {
1117            up = (UserPeer) getUserPeerClass().newInstance();
1118        }
1119        catch (Exception   e)
1120        {
1121            throw new UnknownEntityException(
1122                    "Failed instantiate an UserPeer implementation object", e);
1123        }
1124        return up;
1125    }
1126
1127    /**
1128     * Determines if the <code>Group</code> exists in the security system.
1129     *
1130     * @param group a <code>Group</code> value
1131     * @return true if the group exists in the system, false otherwise
1132     * @throws DataBackendException when more than one Group with
1133     *         the same name exists.
1134     * @throws Exception A generic exception.
1135     */
1136    protected boolean checkExists(Group group)
1137            throws DataBackendException, Exception  
1138    {
1139        return GroupPeer.checkExists(group);
1140    }
1141
1142    /**
1143     * Determines if the <code>Role</code> exists in the security system.
1144     *
1145     * @param role a <code>Role</code> value
1146     * @return true if the role exists in the system, false otherwise
1147     * @throws DataBackendException when more than one Role with
1148     *         the same name exists.
1149     * @throws Exception A generic exception.
1150     */
1151    protected boolean checkExists(Role role)
1152            throws DataBackendException, Exception  
1153    {
1154        return RolePeer.checkExists(role);
1155    }
1156
1157    /**
1158     * Determines if the <code>Permission</code> exists in the security system.
1159     *
1160     * @param permission a <code>Permission</code> value
1161     * @return true if the permission exists in the system, false otherwise
1162     * @throws DataBackendException when more than one Permission with
1163     *         the same name exists.
1164     * @throws Exception A generic exception.
1165     */
1166    protected boolean checkExists(Permission permission)
1167            throws DataBackendException, Exception  
1168    {
1169        return PermissionPeer.checkExists(permission);
1170    }
1171
1172}
1173
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags